[PATCHES] nss-wrapper 1.1.2 in samba -- and fixes for samba
Michael Adam
obnox at samba.org
Mon Jan 11 02:02:54 UTC 2016
On 2016-01-08 at 10:49 +0100, Andreas Schneider wrote:
> On Wednesday 23 December 2015 18:24:37 Michael Adam wrote:
> > FYI I had a discussion with Metze.
> > He requested to do the change I did with the
> > addition to tsocket differently, adding a helper
> > function to (e.g.) the torture code instead.
> >
> > I will follow up with an updated patchset.
>
> reminder ;)
Updated patchset of the fixes to testcases (without adding
a function to tsocket) attached.
The nwrap patches are not changed and not re-attached here.
Review appreciated!
Thanks - Michael
-------------- next part --------------
From 4053e401f1d036365b1f47df4c77b9ccd44a654c Mon Sep 17 00:00:00 2001
From: Michael Adam <obnox at samba.org>
Date: Thu, 17 Dec 2015 13:56:16 +0100
Subject: [PATCH 1/5] torture: fix the ldap.cldap test
This makes sure a host*NAME* handed in will get properly resolved.
Bug uncovered by the new nss_wrapper code (1.1.2) which fixed
the handling of the AI_NUMERICHOST flag in getaddrinfo.
Signed-off-by: Michael Adam <obnox at samba.org>
---
source4/torture/ldap/cldap.c | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/source4/torture/ldap/cldap.c b/source4/torture/ldap/cldap.c
index 6a925cf..6a9e9e1 100644
--- a/source4/torture/ldap/cldap.c
+++ b/source4/torture/ldap/cldap.c
@@ -24,6 +24,7 @@
#include "includes.h"
#include "libcli/cldap/cldap.h"
#include "libcli/ldap/ldap_client.h"
+#include "libcli/resolve/resolve.h"
#include "param/param.h"
#include "../lib/tsocket/tsocket.h"
@@ -87,10 +88,20 @@ static bool test_cldap_generic(struct torture_context *tctx, const char *dest)
const char *attrs2[] = { "currentTime", "highestCommittedUSN", "netlogon", NULL };
const char *attrs3[] = { "netlogon", NULL };
struct tsocket_address *dest_addr;
+ const char *ip;
+ struct nbt_name nbt_name;
int ret;
+ make_nbt_name_server(&nbt_name, dest);
+
+ status = resolve_name_ex(lpcfg_resolve_context(tctx->lp_ctx),
+ 0, 0, &nbt_name, tctx, &ip, tctx->ev);
+ torture_assert_ntstatus_ok(tctx, status,
+ talloc_asprintf(tctx,"Failed to resolve %s: %s",
+ nbt_name.name, nt_errstr(status)));
+
ret = tsocket_address_inet_from_strings(tctx, "ip",
- dest,
+ ip,
lpcfg_cldap_port(tctx->lp_ctx),
&dest_addr);
CHECK_VAL(ret, 0);
--
2.5.0
From 440452659b8fc2bb42df260e050b9756d263759c Mon Sep 17 00:00:00 2001
From: Michael Adam <obnox at samba.org>
Date: Thu, 17 Dec 2015 13:58:12 +0100
Subject: [PATCH 2/5] torture: fix the ldap.netlogon-udp test
This makes sure a host*NAME* handed in will get properly resolved.
Bug uncovered by the new nss_wrapper code (1.1.2) which fixed
the handling of the AI_NUMERICHOST flag in getaddrinfo.
Signed-off-by: Michael Adam <obnox at samba.org>
---
source4/torture/ldap/netlogon.c | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/source4/torture/ldap/netlogon.c b/source4/torture/ldap/netlogon.c
index d632aaf..1b43ea7 100644
--- a/source4/torture/ldap/netlogon.c
+++ b/source4/torture/ldap/netlogon.c
@@ -25,6 +25,7 @@
#include "libcli/cldap/cldap.h"
#include "libcli/ldap/ldap_client.h"
#include "libcli/ldap/ldap_ndr.h"
+#include "libcli/resolve/resolve.h"
#include "librpc/gen_ndr/netlogon.h"
#include "param/param.h"
#include "../lib/tsocket/tsocket.h"
@@ -579,14 +580,24 @@ static NTSTATUS udp_ldap_netlogon(void *data,
bool torture_netlogon_udp(struct torture_context *tctx)
{
const char *host = torture_setting_string(tctx, "host", NULL);
+ const char *ip;
+ struct nbt_name nbt_name;
bool ret = true;
int r;
struct cldap_socket *cldap;
NTSTATUS status;
struct tsocket_address *dest_addr;
+ make_nbt_name_server(&nbt_name, host);
+
+ status = resolve_name_ex(lpcfg_resolve_context(tctx->lp_ctx),
+ 0, 0, &nbt_name, tctx, &ip, tctx->ev);
+ torture_assert_ntstatus_ok(tctx, status,
+ talloc_asprintf(tctx,"Failed to resolve %s: %s",
+ nbt_name.name, nt_errstr(status)));
+
r = tsocket_address_inet_from_strings(tctx, "ip",
- host,
+ ip,
lpcfg_cldap_port(tctx->lp_ctx),
&dest_addr);
CHECK_VAL(r, 0);
--
2.5.0
From e944a01e780ae57d2908240bbc57cafab9d493f8 Mon Sep 17 00:00:00 2001
From: Michael Adam <obnox at samba.org>
Date: Thu, 17 Dec 2015 13:59:40 +0100
Subject: [PATCH 3/5] torture: fix check_dom_trust_pw in the rpc:lsa test
This makes sure a host*NAME* handed in will get properly resolved.
Bug uncovered by the new nss_wrapper code (1.1.2) which fixed
the handling of the AI_NUMERICHOST flag in getaddrinfo.
Signed-off-by: Michael Adam <obnox at samba.org>
---
source4/torture/rpc/lsa.c | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c
index 4ba246f..d336016 100644
--- a/source4/torture/rpc/lsa.c
+++ b/source4/torture/rpc/lsa.c
@@ -36,6 +36,7 @@
#include "source4/auth/kerberos/kerberos_util.h"
#include "lib/util/util_net.h"
#include "../lib/crypto/crypto.h"
+#include "libcli/resolve/resolve.h"
#define TEST_MACHINENAME "lsatestmach"
#define TRUSTPW "12345678"
@@ -4127,6 +4128,8 @@ static bool check_dom_trust_pw(struct dcerpc_pipe *p,
char *workstation = NULL;
const char *binding = torture_setting_string(tctx, "binding", NULL);
const char *host = torture_setting_string(tctx, "host", NULL);
+ const char *ip;
+ struct nbt_name nbt_name;
struct dcerpc_binding *b2;
struct netlogon_creds_CredentialState *creds;
struct samr_CryptPassword samr_crypt_password;
@@ -4182,8 +4185,16 @@ static bool check_dom_trust_pw(struct dcerpc_pipe *p,
cli_credentials_set_workstation(incoming_creds, workstation, CRED_SPECIFIED);
cli_credentials_set_secure_channel_type(incoming_creds, secure_channel_type);
+ make_nbt_name_server(&nbt_name, host);
+
+ status = resolve_name_ex(lpcfg_resolve_context(tctx->lp_ctx),
+ 0, 0, &nbt_name, tctx, &ip, tctx->ev);
+ torture_assert_ntstatus_ok(tctx, status,
+ talloc_asprintf(tctx,"Failed to resolve %s: %s",
+ nbt_name.name, nt_errstr(status)));
+
rc = tsocket_address_inet_from_strings(tctx, "ip",
- host,
+ ip,
lpcfg_cldap_port(tctx->lp_ctx),
&dest_addr);
torture_assert_int_equal(tctx, rc, 0,
--
2.5.0
From 91018f8b7e4569a957284f1f879e9e902d9cc22d Mon Sep 17 00:00:00 2001
From: Michael Adam <obnox at samba.org>
Date: Thu, 17 Dec 2015 13:59:58 +0100
Subject: [PATCH 4/5] torture: fix check_pw_with_krb5 in the rpc:lsa test
Don't use AI_NUMERICHOST for getaddrinfo.
This is so that a host*NAME* handed in will get properly resolved.
Bug uncovered by the new nss_wrapper code (1.1.2) which fixed
the handling of the AI_NUMERICHOST flag in getaddrinfo.
Signed-off-by: Michael Adam <obnox at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
---
source4/torture/rpc/lsa.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c
index d336016..d2180db 100644
--- a/source4/torture/rpc/lsa.c
+++ b/source4/torture/rpc/lsa.c
@@ -3217,7 +3217,7 @@ static bool check_pw_with_krb5(struct torture_context *tctx,
k5ret = smb_krb5_init_context(ctx, tctx->lp_ctx, &ctx->smb_krb5_context);
torture_assert_int_equal(tctx, k5ret, 0, "smb_krb5_init_context failed");
- ok = interpret_string_addr_internal(&ctx->server, host, AI_NUMERICHOST);
+ ok = interpret_string_addr_internal(&ctx->server, host, 0);
torture_assert(tctx, ok, "Failed to parse target server");
talloc_set_destructor(ctx, check_pw_with_krb5_ctx_destructor);
--
2.5.0
From f44da22b69af474d29ac21b3e0dcd082d0c6b3e7 Mon Sep 17 00:00:00 2001
From: Michael Adam <obnox at samba.org>
Date: Fri, 18 Dec 2015 19:11:43 +0100
Subject: [PATCH 5/5] torture: Fix winbind.wbclient.ResolveWinsByIp test
The test gets handed a name, so we first need
to resolve the name to an IP before we can
pass that on to ResolveWinsByIp.
Bug uncovered by the new nss_wrapper code (1.1.2).
Signed-off-by: Michael Adam <obnox at samba.org>
---
nsswitch/libwbclient/tests/wbclient.c | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/nsswitch/libwbclient/tests/wbclient.c b/nsswitch/libwbclient/tests/wbclient.c
index 5bce0ae..d482ed2 100644
--- a/nsswitch/libwbclient/tests/wbclient.c
+++ b/nsswitch/libwbclient/tests/wbclient.c
@@ -22,6 +22,7 @@
#include "libcli/util/werror.h"
#include "lib/util/data_blob.h"
#include "lib/util/time.h"
+#include "libcli/resolve/resolve.h"
#include "nsswitch/libwbclient/wbclient.h"
#include "torture/smbtorture.h"
#include "torture/winbind/proto.h"
@@ -418,10 +419,21 @@ static bool test_wbc_resolve_winsbyname(struct torture_context *tctx)
static bool test_wbc_resolve_winsbyip(struct torture_context *tctx)
{
const char *ip;
+ const char *host;
+ struct nbt_name nbt_name;
char *name;
wbcErr ret;
+ NTSTATUS status;
- ip = torture_setting_string(tctx, "host", NULL);
+ host = torture_setting_string(tctx, "host", NULL);
+
+ make_nbt_name_server(&nbt_name, host);
+
+ status = resolve_name_ex(lpcfg_resolve_context(tctx->lp_ctx),
+ 0, 0, &nbt_name, tctx, &ip, tctx->ev);
+ torture_assert_ntstatus_ok(tctx, status,
+ talloc_asprintf(tctx,"Failed to resolve %s: %s",
+ nbt_name.name, nt_errstr(status)));
ret = wbcResolveWinsByIP(ip, &name);
--
2.5.0
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20160111/afb5b6b1/signature.sig>
More information about the samba-technical
mailing list